Re: [Openh323gk-developer] Thoughts on H.323 encryption or Why your AES encryption might be worth nothing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Le 2013-09-23 13:25, Hani Mustafa a écrit :
> Most vendors (including aforementioned vendors) have mostly just hoped
> that the entire industry is going to move to SIP and also placed their
> bets there, hoping that all the security problems with H.323
> authentication would go away.

In practice, SIP is just as vulnerable to MitM attacks. Here's a very
good overview:

http://slideshare.net/oej/ietf-poshsipsecurityoej

As long as nobody verifies TLS certificates, I don't see how the
situation can change for either SIP or H.323.

Simon

------------------------------------------------------------------------------
LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99!
1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint
2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack includes
Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13. 
http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk
_______________________________________________________

Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/





[Index of Archives]     [SIP]     [Open H.323]     [Gnu Gatekeeper]     [Asterisk PBX]     [ISDN Cause Codes]     [Yosemite News]

  Powered by Linux